Fixed issue for V5+V7 flowsets (#50)

mikemiles-dev · Michael Mileusnich · web-flow · commit 61a35b75a9f6 · 2024-04-17T15:06:30.000-06:00
* Fixed issue for V5+V7 flowsets

* Removed dbg

---------

Co-authored-by: Michael Mileusnich &lt;michaelmileusnich@Michaels-MacBook-Air-2.local&gt;
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "netflow_parser"
 description = "Parser for Netflow Cisco V5, V7, V9, IPFIX"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 author = "michael.mileusnich@gmail.com"
 license = "MIT OR Apache-2.0"
diff --git a/RELEASES.md b/RELEASES.md
@@ -1,3 +1,6 @@
+# 0.2.7
+  * Added support for multiple flowsets for V5, V7.
+
 # 0.2.6
   * Re-added static and variable versions as public.
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,6 +4,7 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 0.2.7   | :white_check_mark: |
 | 0.2.6   | :white_check_mark: |
 | 0.2.5   | :white_check_mark: |
 | 0.2.4   | :white_check_mark: |
diff --git a/src/snapshots/netflow_parser__tests__tests__it_parses_v5.snap b/src/snapshots/netflow_parser__tests__tests__it_parses_v5.snap
@@ -5,7 +5,7 @@ expression: "NetflowParser::default().parse_bytes(&packet)"
 - V5:
     header:
       version: 5
-      count: 512
+      count: 1
       sys_up_time:
         secs: 50332
         nanos: 672000000
@@ -16,29 +16,29 @@ expression: "NetflowParser::default().parse_bytes(&packet)"
       engine_id: 7
       sampling_interval: 2057
     body:
-      src_addr: 0.1.2.3
-      dst_addr: 4.5.6.7
-      next_hop: 8.9.0.1
-      input: 515
-      output: 1029
-      d_pkts: 101124105
-      d_octets: 66051
-      first:
-        secs: 67438
-        nanos: 87000000
-      last:
-        secs: 134807
-        nanos: 553000000
-      src_port: 515
-      dst_port: 1029
-      pad1: 6
-      tcp_flags: 7
-      protocol_number: 8
-      protocol_type: Egp
-      tos: 9
-      src_as: 1
-      dst_as: 515
-      src_mask: 4
-      dst_mask: 5
-      pad2: 1543
-
+      set:
+        - src_addr: 0.1.2.3
+          dst_addr: 4.5.6.7
+          next_hop: 8.9.0.1
+          input: 515
+          output: 1029
+          d_pkts: 101124105
+          d_octets: 66051
+          first:
+            secs: 67438
+            nanos: 87000000
+          last:
+            secs: 134807
+            nanos: 553000000
+          src_port: 515
+          dst_port: 1029
+          pad1: 6
+          tcp_flags: 7
+          protocol_number: 8
+          protocol_type: Egp
+          tos: 9
+          src_as: 1
+          dst_as: 515
+          src_mask: 4
+          dst_mask: 5
+          pad2: 1543
diff --git a/src/snapshots/netflow_parser__tests__tests__it_parses_v7.snap b/src/snapshots/netflow_parser__tests__tests__it_parses_v7.snap
@@ -5,7 +5,7 @@ expression: "NetflowParser::default().parse_bytes(&packet)"
 - V7:
     header:
       version: 7
-      count: 512
+      count: 1
       sys_up_time:
         secs: 50332
         nanos: 672000000
@@ -14,30 +14,30 @@ expression: "NetflowParser::default().parse_bytes(&packet)"
       flow_sequence: 33752069
       reserved: 101124105
     body:
-      src_addr: 0.1.2.3
-      dst_addr: 4.5.6.7
-      next_hop: 8.9.0.1
-      input: 515
-      output: 1029
-      d_pkts: 101124105
-      d_octets: 66051
-      first:
-        secs: 67438
-        nanos: 87000000
-      last:
-        secs: 134807
-        nanos: 553000000
-      src_port: 515
-      dst_port: 1029
-      flags_fields_valid: 6
-      tcp_flags: 7
-      protocol_number: 8
-      protocol_type: Egp
-      tos: 9
-      src_as: 1
-      dst_as: 515
-      src_mask: 4
-      dst_mask: 5
-      flags_fields_invalid: 1543
-      router_src: 8.9.0.1
-
+      set:
+        - src_addr: 0.1.2.3
+          dst_addr: 4.5.6.7
+          next_hop: 8.9.0.1
+          input: 515
+          output: 1029
+          d_pkts: 101124105
+          d_octets: 66051
+          first:
+            secs: 67438
+            nanos: 87000000
+          last:
+            secs: 134807
+            nanos: 553000000
+          src_port: 515
+          dst_port: 1029
+          flags_fields_valid: 6
+          tcp_flags: 7
+          protocol_number: 8
+          protocol_type: Egp
+          tos: 9
+          src_as: 1
+          dst_as: 515
+          src_mask: 4
+          dst_mask: 5
+          flags_fields_invalid: 1543
+          router_src: 8.9.0.1
diff --git a/src/static_versions/v5.rs b/src/static_versions/v5.rs
@@ -20,6 +20,7 @@ pub struct V5 {
     /// V5 Header
     pub header: Header,
     /// V5 Body
+    #[nom(Parse = "{ |i| Body::parse(i, header.count) }")]
     pub body: Body,
 }
 
@@ -60,7 +61,14 @@ pub struct Header {
 }
 
 #[derive(Debug, PartialEq, Eq, Clone, Serialize, Nom)]
+#[nom(ExtraArgs(count: u16))]
 pub struct Body {
+    #[nom(Count = "count")]
+    set: Vec<FlowSet>,
+}
+
+#[derive(Debug, PartialEq, Eq, Clone, Serialize, Nom)]
+pub struct FlowSet {
     /// Source IP address
     #[nom(Map = "Ipv4Addr::from", Parse = "be_u32")]
     pub src_addr: Ipv4Addr,
diff --git a/src/static_versions/v7.rs b/src/static_versions/v7.rs
@@ -20,6 +20,7 @@ pub struct V7 {
     /// V7 Header
     pub header: Header,
     /// V7 Body
+    #[nom(Parse = "{ |i| Body::parse(i, header.count) }")]
     pub body: Body,
 }
 
@@ -55,8 +56,15 @@ pub struct Header {
     pub reserved: u32,
 }
 
-#[derive(Debug, PartialEq, Eq, Clone, Nom, Serialize)]
+#[derive(Debug, PartialEq, Eq, Clone, Serialize, Nom)]
+#[nom(ExtraArgs(count: u16))]
 pub struct Body {
+    #[nom(Count = "count")]
+    set: Vec<FlowSet>,
+}
+
+#[derive(Debug, PartialEq, Eq, Clone, Nom, Serialize)]
+pub struct FlowSet {
     /// Source IP address; in case of destination-only flows, set to zero.
     #[nom(Map = "Ipv4Addr::from", Parse = "be_u32")]
     pub src_addr: Ipv4Addr,
diff --git a/src/tests.rs b/src/tests.rs
@@ -40,7 +40,7 @@ mod tests {
     #[cfg(not(feature = "unix_timestamp"))]
     fn it_parses_v5() {
         let packet = [
-            0, 5, 2, 0, 3, 0, 4, 0, 5, 0, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3,
+            0, 5, 0, 1, 3, 0, 4, 0, 5, 0, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3,
             4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1,
             2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7,
         ];
@@ -68,7 +68,7 @@ mod tests {
     #[cfg(not(feature = "unix_timestamp"))]
     fn it_parses_v7() {
         let packet = [
-            0, 7, 2, 0, 3, 0, 4, 0, 5, 0, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3,
+            0, 7, 0, 1, 3, 0, 4, 0, 5, 0, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3,
             4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1,
             2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1,
         ];

-Original file line number
+Diff line change
@@ @@ -1,3 +1,6 @@ @@
 +# 0.2.7
 +  * Added support for multiple flowsets for V5, V7.
++
 # 0.2.6
   * Re-added static and variable versions as public.